Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered. Have a look at the flash demo and then feel free to download it.

Features

The full documentation can be found in the tarball and also here, but here’s a list of what the Ninja does:

Mac OS X Server v10.6 Snow Leopard is a powerful 64-bit server operating system with new features and applications that make it easier for everyone in your organization to collaborate, communicate, and share information. It’s simple to set up and manage, and it’s up to twice as fast as its predecessor, improving performance for file sharing, mail, web hosting, and more.*

Snow Leopard Server is now available in an unlimited-client edition that’s more affordable than ever.